On 22/09/11 15:21, Ralf Hildebrandt wrote:
>> The University I work at was suffering from this a *lot*. Phishers kept contacting our users pretending to be from our IT helpdesk asking users to reply with their login details so that their mailbox could be refreshed or so their quota could be fixed and other such things.
> Same here.
>> So I developed an application that sits on our outgoing mail routers looking for login credentials inside emails. If it finds any, it blackholes the email and sends an autoresponse to the sender telling them to never ever send login details via email under any circumstances. It Cc's me in too, and it catches people emailing their logins around on a *daily* basis.
> ClamAV is supposed to be capable of that functionality
>> Our usernames follow a very strict format, and we have a pretty strict password policy so what my program does is pull out a list of all the *possible* usernames and passwords and then attempts to authenticate against our AD using them.
> Ah! That's a nice idea.
Perhaps, if you have a list of the plain text passwords in advance, you could use ClamAV. In our case, we don't, as we're using an AD. I actually copied the ClamAV TCP and local interface API so that any MTA which can plug into ClamAV is also able to plug into Kochi. That's one of the things the framework provides.
-- 
Mike Cardwell  https://grepular.com/  https://twitter.com/mickeyc
Professional   http://cardwellit.com/ http://linkedin.com/in/mikecardwell
PGP.mit.edu    0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
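
The approach described in the thread (pull every string that could be a username or a password out of an outgoing message, then try the pairs against the directory), as an added example that is not part of the original messages and is not Kochi's code. The username and password formats, the function names, and the dictionary standing in for AD are all assumptions made for illustration.

```python
import re

# Assumed policy, constructed for illustration (the thread gives no formats):
# usernames are 2-3 lowercase letters + 4 digits; passwords are 8-32
# characters containing at least one letter and one digit.
USERNAME_RE = re.compile(r"(?<![A-Za-z0-9])[a-z]{2,3}\d{4}(?![A-Za-z0-9])")
STRIP_CHARS = ".,;:!?\"'()[]<>"

def candidate_usernames(body):
    """Every distinct substring shaped like one of our usernames."""
    return sorted(set(USERNAME_RE.findall(body)))

def candidate_passwords(body):
    """Every whitespace-delimited token that could satisfy the password policy."""
    found = set()
    for token in body.split():
        # Try the raw token and a punctuation-trimmed variant, because a
        # password at the end of a sentence picks up a trailing "." or ",".
        for variant in {token, token.strip(STRIP_CHARS)}:
            if (8 <= len(variant) <= 32
                    and re.search(r"[A-Za-z]", variant)
                    and re.search(r"\d", variant)):
                found.add(variant)
    return sorted(found)

def find_leaked_credentials(body, authenticate, max_tries_per_user=5):
    """Return the usernames whose working password appears in body.

    authenticate(user, password) -> bool is supplied by the caller (against
    AD this would be an LDAP bind). Tries are capped per user so that a long
    message cannot trip the directory's account-lockout threshold.
    """
    leaked = []
    passwords = candidate_passwords(body)
    for user in candidate_usernames(body):
        for password in passwords[:max_tries_per_user]:
            if authenticate(user, password):
                leaked.append(user)
                break
    return leaked

# Constructed sample: a user answering a fake helpdesk message.
SAMPLE_BODY = "Hi helpdesk, please refresh my mailbox.\nLogin: abc1234\nPassword: Tr0ub4dor&3x.\nThanks"
FAKE_DIRECTORY = {"abc1234": "Tr0ub4dor&3x"}  # stand-in for AD, constructed

def fake_authenticate(user, password):
    return FAKE_DIRECTORY.get(user) == password
```

A message for which `find_leaked_credentials` returns a non-empty list is the one to blackhole and answer with the autoresponse; the matched password itself is never returned or logged.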